Allow SVG file uploads in WordPress

How to allow SVG uploads in WordPress

SVG is the format of choice for logos and icons, but WordPress blocks it out of the box. There are two ways to enable it: install a plugin, or add a small filter to your theme or plugin code.

Problem: WordPress blocks SVG uploads by default.

Solution: There are two options: install a plugin or write custom code. WordPress has several plugins for this — SVG Support is a popular choice. If you'd rather handle it in code, here's how:

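// Register the callback on the filter that builds the list of allowed upload types.
add_filter( 'upload_mimes', 'allow_upload_svg' );

// Map the .svg extension to its MIME type. This only permits the upload;
// it does not inspect or clean the file content.
function allow_upload_svg( $mimes ) {
    $mimes['svg'] = 'image/svg+xml';
    return $mimes;
}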

Keep in mind that SVG files must be sanitized before upload. Sanitization means cleaning the file content to remove potential security vulnerabilities such as embedded scripts or code injection. You can sanitize SVGs with an online tool or a server-side library; a library is generally the more reliable approach.

Using the same filter, you can also enable other file types that WordPress blocks by default. To see the full list of currently allowed MIME types, use:

get_allowed_mime_types();

NOTE: The upload_mimes filter allows the file type but does not sanitize SVG content. SVG files can carry embedded JavaScript and are a known XSS vector. Always sanitize uploaded SVGs before serving them — the Safe SVG plugin handles both MIME registration and sanitization in one step.
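
One way to do the server-side sanitization described above, as an added example that is not from the original article. It assumes the enshrined/svg-sanitize Composer library is installed; the vendor/autoload.php path and the example_sanitize_svg_upload function name are illustrative.

```php
<?php
// Added example. Assumption: enshrined/svg-sanitize is installed via Composer
// and its autoloader lives next to this file.
require_once __DIR__ . '/vendor/autoload.php';

use enshrined\svgSanitize\Sanitizer;

// Run before WordPress moves the temp file into the uploads folder,
// for both regular uploads and sideloaded files.
add_filter( 'wp_handle_upload_prefilter', 'example_sanitize_svg_upload' );
add_filter( 'wp_handle_sideload_prefilter', 'example_sanitize_svg_upload' );

/**
 * Sanitize an uploaded SVG in place, or reject the upload if it cannot be cleaned.
 *
 * @param array $file One upload entry: name, type, tmp_name, error, size.
 * @return array The same entry; a non-empty 'error' string makes WordPress abort.
 */
function example_sanitize_svg_upload( $file ) {
    // Decide by extension; the client-supplied 'type' value is not trustworthy.
    $ext = strtolower( pathinfo( $file['name'], PATHINFO_EXTENSION ) );
    if ( 'svg' !== $ext ) {
        return $file;
    }

    $dirty = file_get_contents( $file['tmp_name'] );
    if ( false === $dirty ) {
        $file['error'] = 'The SVG file could not be read.';
        return $file;
    }

    $sanitizer = new Sanitizer();
    $sanitizer->removeRemoteReferences( true ); // drop links to external resources
    $clean = $sanitizer->sanitize( $dirty );    // false when the XML cannot be parsed

    if ( false === $clean || '' === trim( $clean ) ) {
        $file['error'] = 'This SVG could not be sanitized and was not uploaded.';
        return $file;
    }

    // Overwrite the temp file so only the cleaned markup is stored and served.
    if ( false === file_put_contents( $file['tmp_name'], $clean ) ) {
        $file['error'] = 'The sanitized SVG could not be saved.';
    }
    return $file;
}
```

Files that fail to parse are rejected rather than stored as-is, so a malformed SVG never bypasses the cleaning step.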
